CN102768720B - A method of process protection - Google Patents


Info

Publication number: CN102768720B
Authority: CN (China)
Application number: CN201210074469.0A
Other languages: Chinese (zh)
Other versions: CN102768720A (en)
Inventor: 徐圣钧
Current Assignee: China Digital Video Beijing Ltd
Original Assignee: China Digital Video Beijing Ltd
Legal status: Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses a method of process protection. The handle that carries terminate-process permission for the process to be protected (a process that may need to save its work) is saved in advance; an execution handle passed in from outside is received; it is judged whether the externally passed-in execution handle is the same as the saved handle with terminate-process permission; if so, an end-response request is sent to the process to be protected; the end response returned by that process is received; and the end operation is executed according to the end response, terminating the process. As a result, a process that needs protection is not terminated before its save has completed, which protects the process effectively and safeguards information security.

Description

A method of process protection
Technical field
The present invention applies to the self-protection of various kinds of application software, relates to the field of information security protection, and in particular relates to a method of process protection.
Background
With the continuous development of semiconductor technology, the processing capacity of computers keeps increasing. For various reasons, however, crashes and unresponsive individual programs still occur. In such cases an ordinary user can actively terminate a process through the Processes tab of Task Manager.
In general, whichever method is used, terminating a process requires calling two functions provided by Windows: the open-process function OpenProcess and the terminate-process function TerminateProcess.
The steps for terminating a process are usually:
First, the identification number (ID) of the process to be terminated must be obtained by some means. The ID of a process is fixed when the process starts, and it is unique.
The second step is to call OpenProcess with the process ID obtained, which yields a handle (HANDLE) that permits operations with a certain permission.
For example, if the ID of the process to be killed is 1155, the following statement is executed:
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, 0, 1155);
1155 is the ID of the process to be terminated.
PROCESS_TERMINATE denotes an "operation permission flag", specifically the permission to terminate this process.
hProcess is the returned HANDLE. Once it has been returned, this HANDLE can be used to perform on the process any operation that requires the "terminate process" permission; the only operation that requires this permission is terminating the process.
It should be pointed out that the HANDLE returned here is a temporary value and has neither permanence nor uniqueness.
The third step is to terminate the process through this HANDLE, which only requires calling the TerminateProcess function, for example:
TerminateProcess(hProcess, 0);
After these three steps, the process is terminated.
However, some software does not want to be terminated. The prior art therefore provides a method intended to stop users from terminating a protected process in the above way: using hook technology, a self-written "fake OpenProcess" function replaces the OpenProcess function originally provided by the Windows system.
In the "fake OpenProcess" function, the software author first checks whether the process ID passed in is the ID of the process to be protected, and whether the requested permission is PROCESS_TERMINATE. If both conditions are met, then by the termination steps above the system is attempting to terminate the process to be protected.
In the third of those steps, the call to TerminateProcess needs a correct HANDLE to kill the process. The software author therefore only needs to return a wrong HANDLE in the previous step; the HANDLE obtained is then invalid, the process to be protected cannot be killed, and the goal of protecting the process is achieved.
However, out of respect for the user's initiative, in some situations it is desirable that a process carrying out certain work (for example, saving a project file) is not terminated immediately, but that the termination proceeds once the work has finished and everything has been handled properly. The prior art cannot achieve this.
Summary of the invention
To solve the above problem, the present invention provides a method of process protection. The handle with terminate-process permission of the process to be protected is saved in advance; an execution handle passed in from outside is received; it is judged whether the externally passed-in execution handle is the same as the saved handle with terminate-process permission; if so, an end-response request is sent to the process to be protected; the end response returned by that process is received; and the end operation is executed according to the end response, terminating the process. As a result, a process that needs protection is not terminated before its save has completed, which protects the process effectively and safeguards information security.
To achieve the above objective, an embodiment of the invention provides a method of process protection, which specifically includes:
Saving in advance the handle with terminate-process permission of the process to be protected;
Receiving the execution handle passed in from outside;
Judging whether the externally passed-in execution handle is the same as the handle with terminate-process permission of the process to be protected;
If so, sending an end-response request to the process to be protected;
Receiving the end response returned by the process to be protected;
Executing the end operation according to the end response, terminating the process to be protected.
Saving in advance the handle with terminate-process permission of the process to be protected specifically includes:
Recording in advance the ID of the process to be protected;
Receiving a process operation instruction, the process operation instruction including a process ID and a process operation;
Judging whether the process ID is the same as the ID of the process to be protected;
If so, judging whether the process operation is the terminate-process operation PROCESS_TERMINATE;
If so, generating and saving the handle with terminate-process permission of the process to be protected.
After judging whether the externally passed-in execution handle is the same as the handle with terminate-process permission of the process to be protected, if it is not, the command of the externally passed-in execution handle is executed directly.
Before the end-response request is sent to the process to be protected, the method further includes:
Setting a critical value for the return of the end response.
If the end response has still not been received once the critical value is exceeded, the end operation is executed directly.
After the end-response request is sent to the process to be protected, the method further includes:
Judging whether the process to be protected is carrying out save work;
If not, the end response is returned; if so, the end response is returned after the save work finishes.
After the end-response request is sent to the process to be protected, a waiting prompt is sent to the user.
While the end response is returned, a process end flag bit is set; after the end flag bit is set, the process to be protected no longer carries out save work.
The embodiment of the invention achieves the following beneficial effects. The handle with terminate-process permission of the process to be protected is saved in advance; an execution handle passed in from outside is received; it is judged whether the externally passed-in execution handle is the same as the saved handle; if so, an end-response request is sent to the process to be protected; the end response returned by that process is received; and the end operation is executed according to the end response, terminating the process. As a result, a process that needs protection is not terminated before its save has completed, which protects the process effectively and safeguards information security. This solves the problem of a process being terminated while its save work is in progress but not yet complete, and avoids the repeated work and wasted manpower and material resources that unsaved work causes.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method of process protection according to Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of steps 1012 to 1014 of Embodiment 1 of the invention;
Fig. 3 is a schematic diagram of step 104 of Embodiment 1 of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
In one aspect, an embodiment of the invention provides a method of process protection. The implementation is shown in Fig. 1 and includes:
Step 101: save in advance the handle with terminate-process permission of the process to be protected;
This specifically includes:
Step 1011: record in advance the ID of the process to be protected;
The ID of a process is fixed when the process starts, and it is unique.
The hook module used in the concrete implementation is introduced here:
To implement the hook, the code is placed in a DLL named NxProcessProtector.dll.
It exports one function:
HookAllApps installs or removes the hook.
When the parameter bInstall is true, the hook is installed; when it is false, the hook is removed.
The parameter dwThreadId is the parameter passed to the Windows API SetWindowsHookEx. It is not used for now, and 0 is passed here.
The parameter dwPIDToProtect is the ID of the process to be protected.
The parameter hwndToSendMessgae is the handle of the window that is to receive the message. When some application calls TerminateProcess, a message is sent to this window handle to notify the system to prepare.
There are also two global variables:
static DWORD g_PID2Protect = 0;
static HWND g_hwnd2SendMessage = NULL;
g_PID2Protect stores the ID of the process to be protected, and g_hwnd2SendMessage stores the destination window for the message. Both global variables are placed in a section declared with #pragma data_seg so that they can be shared across processes.
While the ID is recorded, initialization is carried out:
Taking a nonlinear editing system as an example: when the nonlinear editing system starts, it loads the above NxProcessProtector.dll and calls the HookProtectProcess method to install the hook. The location chosen is the CNxDesktop::StartEdit() method in Nxedit.
The following describes how the process to be protected is protected while a process is being terminated.
When an application such as Task Manager terminates a process, it calls the OpenProcess method and then the TerminateProcess method. Both methods are hooked and replaced with the self-implemented NxOpenProcess and NxTerminateProcess.
Step 1012: receive a process operation instruction;
The process operation instruction includes a process ID and a process operation;
The process operation instruction may come from an action the user takes or from an operation that some program in the system performs automatically. At this point OpenProcess has been replaced with NxOpenProcess through hook technology, and NxOpenProcess receives the process operation instruction.
Step 1013: judge whether the operation instruction is to terminate the process to be protected;
Specifically, judge whether the process ID is the same as the ID of the process to be protected, and whether the process operation is the terminate-process operation PROCESS_TERMINATE;
The process operation instruction is analysed to judge whether the ID it contains is the same as the pre-saved ID of the process to be protected, and whether the process operation is the terminate-process operation PROCESS_TERMINATE.
In this embodiment the ID is that of the nonlinear editing system's process, although it can equally be that of any other software or system. PROCESS_TERMINATE denotes an "operation permission flag", specifically the permission to terminate the process.
If so, go to step 1014; if not, return the handle directly.
Step 1014: generate and save the handle with terminate-process permission of the process to be protected;
After it is saved, the handle is returned.
Steps 1012 to 1014 are shown in Fig. 2.
Step 102: receive the execution handle passed in from outside;
It should be pointed out that the externally passed-in handle is a temporary value and has neither permanence nor uniqueness.
At this point the TerminateProcess called by the system has been replaced with NxTerminateProcess through hook technology, and NxTerminateProcess receives the externally passed-in execution handle.
Step 103: judge whether the externally passed-in execution handle is the same as the handle with terminate-process permission of the process to be protected; if so, go to step 104;
If they differ, the process to be terminated is not the process to be protected; the genuine TerminateProcess is executed directly and the process is terminated;
If the externally passed-in execution handle is the same as the handle with terminate-process permission of the process to be protected, the process to be protected is about to be terminated, and step 104 is entered.
Step 104: send the end-response request to the process to be protected;
As shown in Fig. 3, if the handle of the process to be terminated is found to be the same as the saved handle, a message is sent to the process to be protected (Nxedit) using SendMessage, and the process is terminated only after the function returns.
Judge whether the process to be protected is carrying out save work;
If so, send a waiting prompt to the user, wait for the save work to finish, and return the end response;
If not, return the end response directly;
Two problems can arise in this procedure: thread synchronization and deadlock.
Thread synchronization
It is possible that when TaskMgr executes SendMessage, the nonlinear editor is not saving a project, so the event is in the set state; the wait on this event returns immediately and TerminateProcess starts to execute. If the nonlinear editor happens to start saving the project at exactly that moment, the 0k problem can still occur.
The solution is to set a flag bit. In the message response function of the nonlinear editor, this flag bit is set when it is found that the process is to be terminated. When the project save thread finds the flag bit set, it no longer carries out the save operation.
Deadlock
If the project save thread crashes while saving, the event is never set, and TaskMgr never returns from the SendMessage function. Both Nxedit and TaskMgr then hang, and the user cannot terminate the two processes by conventional means (because Task Manager itself has hung as well), which causes a very serious problem.
The solution is that the message response function of the nonlinear editor must not wait on this event for too long: a critical value is set, provisionally 10 seconds here.
Step 105: receive the end response returned by the process to be protected;
If the end response has still not been received once the critical value for the response is exceeded, the end operation is executed directly.
Step 106: execute the end operation according to the end response and terminate the process to be protected.
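The decision logic of steps 101 to 106, including the flag bit and the 10-second critical value, as a portable C model. This is an added example, not code from the patent: the hooks, handles, clock and save job are simulated, and every function and type name in it is hypothetical.

```c
/* Added model of steps 101-106: no Windows API is called; handles, elapsed
   time and the save job are simulated. All names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ACCESS_TERMINATE 0x0001u  /* numeric value of PROCESS_TERMINATE */
#define CRITICAL_MS      10000u   /* the page's 10-second critical value */

typedef uintptr_t handle_t;
enum outcome { DIRECT, AFTER_IDLE_REPLY, AFTER_SAVE, AFTER_TIMEOUT };

struct protector {           /* state kept by the hook module */
    uint32_t protected_pid;  /* step 1011 */
    handle_t saved;          /* step 1014; 0 means nothing saved yet */
};

struct app {                 /* the protected process, simulated */
    bool     saving;         /* a save job is running */
    unsigned save_left_ms;   /* simulated time until it finishes */
    bool     save_hung;      /* save thread crashed and never signals */
    bool     end_flag;       /* flag bit from the thread-synchronization fix */
};

/* Steps 1012-1014: record the handle when terminate access to the protected
   PID is requested. The genuine handle is still returned to the caller. */
handle_t nx_open_process(struct protector *p, uint32_t access,
                         uint32_t pid, handle_t real)
{
    if (pid == p->protected_pid && (access & ACCESS_TERMINATE))
        p->saved = real;
    return real;
}

/* Save-thread entry point: refuses to start once the end flag is set. */
bool app_try_start_save(struct app *a, unsigned duration_ms)
{
    if (a->end_flag || a->saving)
        return false;
    a->saving = true;
    a->save_left_ms = duration_ms;
    return true;
}

/* Step 104, message handler in the protected process. Returns the simulated
   wait; *answered is false when the critical value expired first. */
static unsigned app_on_end_request(struct app *a, bool *answered)
{
    unsigned waited = 0;
    a->end_flag = true;              /* no new save may start from now on */
    *answered = true;
    if (a->saving && (a->save_hung || a->save_left_ms > CRITICAL_MS)) {
        *answered = false;           /* deadlock fix: give up waiting */
        waited = CRITICAL_MS;
    } else if (a->saving) {
        waited = a->save_left_ms;    /* wait for the save to finish */
        a->saving = false;
        a->save_left_ms = 0;
    }
    return waited;
}

/* Steps 102-106: compare the incoming handle with the saved one, then either
   terminate at once or ask the protected process first. */
enum outcome nx_terminate_process(struct protector *p, struct app *a,
                                  handle_t h, unsigned *waited_ms)
{
    bool answered, was_saving = a->saving;
    *waited_ms = 0;
    if (p->saved == 0 || h != p->saved)
        return DIRECT;               /* not the protected process */
    *waited_ms = app_on_end_request(a, &answered);
    if (!answered)
        return AFTER_TIMEOUT;        /* step 105: critical value exceeded */
    return was_saving ? AFTER_SAVE : AFTER_IDLE_REPLY;
}

int main(void)
{
    struct protector p = { 1155, 0 };
    struct app a = { false, 0, false, false };
    unsigned waited;
    handle_t h = nx_open_process(&p, ACCESS_TERMINATE, 1155, 0x2a4);
    app_try_start_save(&a, 3000);    /* a 3-second save is in progress */
    enum outcome o = nx_terminate_process(&p, &a, h, &waited);
    printf("outcome=%d waited=%u ms\n", (int)o, waited);
    return 0;
}
```

On Windows a handle value is only meaningful inside the process that opened it, so the comparison in nx_terminate_process has to use a handle recorded in the same calling process.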
The embodiment of the invention achieves the following beneficial effects. The handle with terminate-process permission of the process to be protected is saved in advance; an execution handle passed in from outside is received; it is judged whether the externally passed-in execution handle is the same as the saved handle; if so, an end-response request is sent to the process to be protected; the end response returned by that process is received; and the end operation is executed according to the end response, terminating the process. As a result, a process that needs protection is not terminated before its save has completed, which protects the process effectively and safeguards information security.
From the description of the above embodiments, a person skilled in the art can clearly understand that the invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On this understanding, the technical solution of the invention can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash drive, a removable hard disk, and so on) and includes instructions that cause a computer device (a personal computer, a server, a network device, and so on) to execute the method described in each embodiment of the invention.
In short, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (6)

1. A method of process protection, characterized in that it comprises the following steps:
Saving in advance the handle with terminate-process permission of the process to be protected, which specifically includes: recording in advance the ID of the process to be protected; when an application terminates a process, it calls the OpenProcess method and then the TerminateProcess method, and both methods are hooked and replaced with the self-implemented NxOpenProcess and NxTerminateProcess; receiving a process operation instruction, the process operation instruction including a process ID and a process operation; OpenProcess is first replaced with NxOpenProcess through hook technology, and NxOpenProcess receives the process operation instruction; judging whether the process ID is the same as the ID of the process to be protected, and whether the process operation is the terminate-process operation PROCESS_TERMINATE; if so, generating and saving the handle with terminate-process permission of the process to be protected;
Receiving the execution handle passed in from outside; the externally passed-in execution handle is a temporary value and has neither permanence nor uniqueness; the TerminateProcess called by the system is replaced with NxTerminateProcess through hook technology, and NxTerminateProcess receives the externally passed-in execution handle;
Judging whether the externally passed-in execution handle is the same as the handle with terminate-process permission of the process to be protected;
If so, sending an end-response request to the process to be protected; judging whether the process to be protected is carrying out save work; if not, returning the end response; if so, waiting for the save work to finish and then returning the end response;
Receiving the end response returned by the process to be protected;
Executing the end operation according to the end response, terminating the process to be protected.
2. The method according to claim 1, characterized in that, after judging whether the externally passed-in execution handle is the same as the handle with terminate-process permission of the process to be protected, if it is not, the command of the externally passed-in execution handle is executed directly.
3. The method according to claim 1, characterized in that, before the end-response request is sent to the process to be protected, the method further comprises:
Setting a critical value for the return of the end response.
4. The method according to claim 3, characterized in that it further comprises:
If the end response has still not been received once the critical value is exceeded, executing the end operation directly.
5. The method according to claim 1, characterized in that, after the end-response request is sent to the process to be protected, a waiting prompt is sent to the user.
6. The method according to claim 1, characterized in that, while the end response is returned, a process end flag bit is set; after the end flag bit is set, the process to be protected no longer carries out the save work.
Application CN201210074469.0A, priority date 2012-03-20, filing date 2012-03-20: A method of process protection (Expired - Fee Related), granted as CN102768720B (en)

Publications (2)

Publication Number    Publication Date
CN102768720A          2012-11-07
CN102768720B          2019-02-22

Legal Events

Code    Title
C06     Publication
PB01    Publication
C10     Entry into substantive examination
SE01    Entry into force of request for substantive examination
GR01    Patent grant
CF01    Termination of patent right due to non-payment of annual fee

Granted publication date: 20190222